Given the importance of data security and the protection of personal data in the advanced information and communications society, GNTD shall endeavor to appropriately manage and protect data in its possession in accordance with the policy stated hereunder.
1. Compliance with Laws and Regulations of Japan
GNTD shall comply with policies, guidelines, and any other rule prescribed in Japanese laws and regulations and by administrative organs.
2. Establishment of a Management System
A management system shall be established within GNTD and the division of responsibilities shall be clarified.
3. Compliance with Internal Policies, Rules, Guidelines, etc.
GNTD shall formulate and comply with internal policies, rules, guidelines, and any other internal documentation which prescribes rules.
4. Implementation of Safety Measures
GNTD shall implement safety measures, and take preventative measures against unauthorized access to data, and the loss, damage, falsification, leaks or any other data breach.
5. Implementation of Training and Educational Activities
GNTD shall promote training and educational activities for employees with an aim to enhance their knowledge and awareness of data management so that data is managed appropriately.
6. Coordination with Subcontractors
If work relating to data management is subcontracted to other companies, then GNTD shall select a party with adequate experience and capabilities, shall prescribe matters concerning the duty of confidentiality in relevant agreements and shall ensure that data is managed appropriately.
7. Operational Improvement Initiatives
GNTD shall regularly check whether data is appropriately managed and shall continuously exercise initiatives to improve operations.
8. Measures Upon Occurrence of Accidents
If accidents occur, GNTD shall minimize damage and swiftly publish necessary data, and take appropriate measures, including measures to prevent recurrence thereof.
9. Clarification of Inquiries Desk
GNTD shall establish an inquiry desk in order to respond swiftly in good faith, to inquiries, complaints and requests from customers.
10. Publication of this Policy
GNTD shall widely publish policies concerning data security and the protection of personal data, including this Policy by posting it on its website, etc.
Revised on July 16, 2019
Grand Nikko Tokyo Daiba (hereinafter referred to as “GNTD”) shall process reservation records as stated hereunder.
1. Management of Personal data
GNTD shall, with a recognition of the importance of customers’ personal data submitted by customers, strictly manage such data using computers, etc., paying close attention to the processing thereof.
2. Shared Use
GNTD shall jointly use the reservation records of customers in order to provide services closely related to travel, including hotel or air travel., publicize products and campaigns, and conduct work associated thereto.
* 1 Hotel Okura Group companies are Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd. and Continental Foods Co., Ltd..
* 2 JAL Group Airlines are Japan Airlines Co., Ltd., Japan Transocean Air Co., Ltd., J-AIR Co., Ltd., Japan Air Commuter Co., Ltd., Ryukyu Air Commuter Co., Ltd. and Hokkaido Air System Co., Ltd.
3. Provision of Reservation Records to Travel Agents
GNTD shall provide the above data provided for in the above item 2 to travel agents if an inquiry is made based on a reservation number provided to the travel agent by a customer.
4. Provision to Third Parties
Except for the abovementioned, GNTD shall not provide or disclose reservation records and data to third parties unless customers have given their consent or unless required to comply with a legal obligation.
5. Confirming Reservations
GNTD shall issue a reservation confirmation concerning reservations accepted by our hotel following the finalization of a reservation by mail, fax or email, etc. to the address, telephone number, fax number or email address specified by customers. Furthermore, please note that when making reservations via our website, an email message confirming the reservation will be sent to the email address provided by the customer.
6. Inquiries Related to Reservation Record
GNTD shall accept inquiries, related to reservation records from customers as follows and shall respond in a swift and appropriate manner within reasonable bounds.
7. Inquiries Related to Other Reservations
Inquiries related to reservation records from customers who have not made reservations with Grand Niko Tokyo Daiba or the Okura Nikko Hotels Reservation Center should be made directly to the hotel, facility or travel agent. that processed the reservation.
Revised on July 16, 2019
In addition to personal data in reservation records, Grand Nikko Tokyo Daiba. (hereinafter referred to as “GNTD”) shall process such personal data as received directly from customers or obtained from travel agents and companies which have contractual relations with GNTD in the following manners.
1. Management of Personal data
GNTD shall, with a recognition of the importance of customers’ personal data submitted by customers, strictly manage such data using computers, paying close attention to the processing thereof.
2. Purpose of Use of Personal data
Personal data provided shall be used within the scope necessary to achieve the following purposes.
3. Provision of Personal data to third Parties
Personal data shall not be provided or disclosed to third parties except when falling under any of the following cases.
(*1) Hotel Okura Group companies are Hotel Okura Enterprise Co., Ltd., Hotel Okura Space Solutions Co., Ltd. and Continental Foods Co., Ltd..
4. Inquiries Related to Personal data
Customers’ Inquiries related to their own registered personal data shall be dealt with in a reasonably prompt manner upon personal inquiry by a customer.
Revised on July 16, 2019
Please refer below site regarding processing of One Harmony Membership personal Data.
SSL (Secure Sockets Layer) refers to the protocol for encrypting and transmitting data over the internet. SSL is a security function that aims to protect important data such as personal data transferred over the Internet from theft, falsification and spoofing by third parties. On the website operated by Okura Nikko Hotel Management Co., Ltd. (hereinafter referred to as “ONHM”) the accommodation reservation page for inserting personal data is an SSL secure page. (Certain pages allow users to select non-SSL communication.)
1. Importance of SSL
The encryption of protocols currently used on the internet is not regulated and thus third parties are able to insert line monitors, PCs, etc. into lines to view data that crisscrosses the internet. The Internet is a network made up of interconnecting websites and a number of relay sites exist between access points and users, making it difficult to grasp whether a site is safe. For this reason, ONHM website prevents eavesdropping, etc. by third parties by utilizing secure communication using SSL when transmitting important data, especially personal data, etc. over the Internet.
2. SSL Structure
SSL first conducts electronic authentication between GNTD and customers prior to customers’ sending personal data (digital certificates and digital signatures), and transmits data after conducting cross certification. In doing so, exchanges between GNTD and customers are disturbed by random digits, and false transmissions to third parties posing as customers who attempt to steal data are prevented. Furthermore, data transmitted using SSL is encrypted using a method which combines two types of encryption methods; public key encryption (RSA) and symmetric key encryption (private key cryptography). An electronic “key” is required to decipher this data. Even if data is intercepted by third parties, it is impossible to decrypt encrypted data without the correct key. Although the number of available keys is finite, it is extremely difficult for third parties to decrypt data as it requires an unrealistically long time, even if work is conducted computationally using a computer, etc., to find the right key by testing all keys in turn.
3. SSL Enabled Browsers
A special configuration is not necessary in order to use SSL. SSL functions automatically when using SSL enabled browsers such as Internet Explorer, Firefox, etc. in their default configuration. It may not be possible to access SSL secure pages or enter data when using browsers that do not support SSL.
* It may not be possible to transmit data using SSL due to FireWall configurations if the customer is connected to the internet via a FireWall on an internal LAN such as a LAN within a company.
4. Data Protection
The website operated by GNTD uses SSL (Secure Sockets Layer) encryption technology on the pages in which personal data is inserted as a safety measure when gathering customers’ personal data. As a result, it encrypts data traveling across the internet and prevents data leaks.
This document is posted only for the purpose of providing data to customers. It does not intend to recommend, request, or demand the use or otherwise of any specific software products.
Revised on July 16, 2019
Revised on July 16, 2019
Significant modifications to this Policy shall be announced on this website. Please check the website on a constant basis for up-to-date data on other minor modifications. Please note that GNTD shall assume no responsibility whatsoever for trouble resulting from failure to make such checks.
Please refer to the following for processing of Personal data of customers in the European Economic Area (hereinafter referred to as “EEA”) based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”).
This clause shall apply to the processing of personal data of person residing and/or located in the European Economic Area based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL N°2016/679 on the protection of natural persons with regarding to the processing of personal data and on the free movement of such data.
The personal data that Grand Nikko Tokyo Daiba (hereinafter referred to as “GNTD”, “we”, “our” or “us”) collects and processes are the one already listed.
Your personal data shall be collected as follows:
1. Legal basis for processing:
We will process and use personal data and other data to manage our contractual relationship with you.
We will process and use personal data because we have a legitimate interest to do so, including but not limited to the following purposes:
We will process and use personal data and other data to comply with a legal obligation, including but not limited to the following examples:
Alternatively, we may collect and use your personal data where you have given your specific consent to us doing so.
If the basis of our processing your data is consent, you can withdraw your consent to such processing at any time, including by amending your profile online or emailing privacy@tokyo.grandnikko.com.
However, if you withdraw this consent, in some circumstances, we then cease to process your personal data without jeopardizing any previous operations to which you have consented.
或者顧客針對顧客個人信息的收集、使用,授予本酒店特殊認可時,本酒店也可收集、使用顧客個人信息。
本酒店得到同意處理顧客信息的依據後,顧客可隨時通過包括顧客修訂在線簡介或向privacy@tokyo.grandnikko.com 發送電子郵件等方法在內的各種方式,撤銷對該處理的同意。
但顧客撤銷同意時,根據情況本酒店有可能在未變更原先已同意的處理辦法的情況下,停止處理顧客個人信息。
或者顾客针对顾客个人信息的收集、使用,授予本酒店特殊认可时,本酒店也可收集、使用顾客个人信息。
本酒店得到同意处理顾客信息的依据后,顾客可随时通过包括顾客在线简介的修订或向privacy@tokyo.grandnikko.com发送电子邮件等方法在内的各种方式,撤销对该处理的同意。
但顾客撤销同意时,根据情况本酒店有可能在未变更原先已同意的处理办法的情况下,停止处理顾客个人信息。
또한 호텔은, 고객이 고객의 개인정보의 수집 또는 이용에 대하여 호텔에 특정한 동의를 하신 경우, 고객의 개인정보를 수집 및 이용합니다.
고객은 해당처리로의 동의를 고객의 온라인 프로필 수정 또는 privacy@tokyo.grandnikko.com으로 이메일을 주시는 방법 등을 포함하여 언제든지 취소하실 수 있습니다.
그러나 호텔은, 고객이 본 동의를 취소하시는 경우, 경우에 따라, 취소 전 종전의 취급 내용을 변경하지 않은 상태에서, 고객의 개인정보의 처리를 정지합니다.
2. Transfer of your personal data:
Your personal data shall be transferred to and stored by ONHM and our service providers in countries outside the country in which you are located and outside the European Economic Area. We operate businesses in multiple jurisdictions, some of which are not located in the European Economic Area (EEA), such as Japan, China and USA. While countries outside the EEA do not always have strong data protection laws, we require all service providers to process your data in a secure manner and in accordance with Japanese and EU legislation on data protection. We organize personal data transfer from the European Union, the European Economic Area and / or their Member States, Switzerland and the United Kingdom to countries which do not provide a satisfactory level of protection of personal data through Standard Contractual Clauses.
3. Retention of Your Personal Data:
We will keep your data for as long as we need it for the purpose it is being processed for. For example, where you book a stay with us we will keep the data related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the data for a period which enables us to process or respond to any complaints, queries or concerns relating to the booking. The data shall also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you. We will actively review the data we hold and delete it securely, or anonymize it, when there is no longer a legal, business or customer need for it to be retained.
4. Your Data Protection Rights
Under certain circumstances, by law you have the right to:
Such right can be specifically exercised as regards the following data:
This right is limited to processing based on consent or a contract as well as the personal data that you have personally generated.
5. Processor:
If processing is carried out on behalf of us by other people or companies, we shall select only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR. The processor shall not engage another processor without prior written authorization of us. The processing shall be governed by a contract that is binding on the processor with regard to us.
Grand Nikko Tokyo Daiba as named as representative in the EU the company Hotel Okura Amsterdam B.V.
Revised on July 16, 2019